Verify file permissions in zip files

[tolzhabayev]

Even though we do our best to try to set the file permissions correctly when we generate them - it can happen that sometimes those file permissions get modified by users.

Validator should have a new check to ensure that the permissions are set properly also for other files than executables

plugin-validator/pkg/analysis/passes/binarypermissions/binarypermissions.go

Line 4 in 18ec4dc

"encoding/json"

Additional checks:

Check that the following permissions are set:

• At least 640? on all files in the zip file for signature verification

Example of where it failed recently was plugin manifest file called go_plugin_build_manifest which is usually generated with 755
https://github.com/grafana/grafana-plugin-sdk-go/blob/3bbfa89bed9c0882140eee5004e2657cf9ae2fce/build/common.go#L205

But for some reason ended up being 600 in the following plugin https://grafana.com/api/plugins/oci-metrics-datasource/versions/5.2.0/download

This led the verfiyHash function to fail and mark plugin as invalid signature / modified signature: https://github.com/grafana/grafana/blob/0220fd588a2ef308ede052da79d5daa91eb33015/pkg/plugins/manager/signature/manifest.go#L264 on Grafana Cloud. We did not catch this locally as we are running Grafana probably with different set of privileges and did not have this issue.